Asymmetric Encryption - security

If a public key is used to encrypt the private key, and the public key is known to everyone, what is stopping a hacker from intercepting the private key, then using the public key to decrypt it and then using the private key to decrypt and encoded message?

The way public/private key crypto works is that anyone can use the public key to encrypt a piece of data, but you need the private key (which the owner does not distribute) in order to decrypt that data.
It doesn't matter that the data being encrypted is the private key itself.

Related

JWT with RSA public and private key

I don't understand why I should use the public key in signing JWT. The private key is there so that the JWT token cannot be forged, yes? But why additionally sign it with a public key? Are there any benefits? Because I don't understand it at all. After all, a JWT signed with a private key can be read without the public key. What is this public key for?
Signing a JWT means you take the cleartext, signing it with a key - either the private key from an RSA pair or a symmetric key, then add the signature to the JWT. The JWT itself is still readable without decrtypting the signature. But someone with the key can decrypt the signature and confirm the contents match the cleartext.
The advantage of using RSA over symmetric key is that anyone can verify the signature without them having to have a secret key. You can either pass the public key to the JWT recipient over a side channel, or if using OAuth2 it provides a URL to access public keys.
You would use the public key for encrypting, not signing. You encrypt with the recipient's public key so that only the recipient can decrypt it.

NodeJS SubtleCrypto - Multiple keyUsage for RSA Keys

I'm so sorry for the ambiguous title of this question, i'm not really sure how to phrase this.
I've generated a Public and Private key using SubtleCrypto in NodeJS like so:
const { publicKey, privateKey } = await subtle.generateKey({
name: 'RSA-OAEP',
4096,
new Uint8Array([1, 0, 1]),
'SHA-256',
}, true, ['encrypt', 'decrypt']);
And this works perfectly for one use case:
Public Key to Encrypt, Private Key to Decrypt.
However, the way I wish to implement RSA in my project is as such:
Client asks Server for a Public Key
Client encrypts payload using Public Key
Server decrypts payload using Private Key
Server encrypts response payload using Private Key
Client decrypts response payload using Public Key
When I try to perform Step 4, i encountered this error:
The requested operation is not valid for the provided key
Is there a way to specify that each key could be used for Encrypt & Decrypt?
Also if my implementation is completely wrong, i'm sorry for that.
Step 4, as described by you, is a signing operation. Signing is very different from encrypting data. For this to work, both, client and server would need their own keypair:
client: client public key & client private key
server: server public key & server private key
Client uploads its client public key
Client asks server for the server public key
Client encrypts payload using the server public key
Server decrypts payload using the server private key
Server encrypts response payload using client public key
Client decrypts response payload using client private key
Besides the possible huge computational workload of encrypting and decrypting large amount of data using RSA, what is the threat model here and what do you want to achieve? You should be very careful if you really want to deploy this into production, as you seem to be rather inexperienced with this topic (no offense here).

Hot to verify a public key's extensions before importing it to GnuPG?

How do I verify a user's extended public key file's integrity (when downloading through a connection that lacks confidentiality and authentication) when I have their previous (now expired) public key in my keyring? Is their expired key sufficient information to verify the extended key? Consider the below scenario:
I have Bob's trusted public key in my keyring.
Bob's key expired yesterday, so he extended his keypair and uploaded a new ascii-armoured public key to his website.
I downloaded Bob's new public key file over http, and I want to verify it.
Is the new public key file signed with his old key in a verifiable way? How would I verify the integrity of the new key file utilizing his existing (expired) key in my keyring?
For a general scenario with a new key pair: If either the key itself is signed by his old key (this is the usual way to do such key changes) and/or the key file you downloaded is signed by his old key, you can verify and validate the signature anyway: all that happens is GnuPG indicating that the key already expired.
But you wrote
Bob's key expired yesterday, so he extended his keypair and uploaded a new ascii-armoured public key to his website
Extending the key's validity does not produce a different key. They key is identified by the tuple of public key and creation timestamp, which is hashed together to the fingerprint of the key. Short and long key IDs are derived from that. If all he did is indeed extend the validity of the key, simply import the key. The signature and trust you issued on that key are still valid.
If you wish you can compare at least the long key ID before importing, run
gpg --keyid-format 0xlong [key-file]
and compare with the key already in your key chain.
Anyway: don't simply trust keys in your key chain, but use signatures and trust instead. Lots of mail clients automatically fetch keys to verify signatures, you might have fetched some (unvalidated) keys for reading signatures issued on other keys, ...

How to generate a pgp public keyring with bouncycastle without having a private key

I'm trying to perform pgp encryption/decryption operations via Camel / Bouncy Castle PGP where I store the used keys in a JKS files and generate PGP keyrings on the fly from the public/private keys in the JKS stores (Camel only works with keyrings - it can't use keys direclty).
The problem comes when I need to perform an PGP encrypt operation where I only get a public key with which I should do the encryption and I don't have/need a private key. I checked the Bouncy Castle PGP API at http://www.bouncycastle.org/docs/pgdocs1.5on/index.html and found no way to generate a PGP public keyring without having at least one private key.
To be more specific - the only way to create a PGP keyring is to use the org.bouncycastle.openpgp.PGPKeyRingGenerator class but all its constructors need a (non null) PGPKeyPair argument which needs a PGP Public Key.
Is it possible at all to have a PGP public key ring without having a private key?
Thank you

What's the purpose of a private key passphrase?

Sometimes, I see users use a private key and passphrase to log in.
So, does it mean the public key is stored on the log in server?
What's the purpose of the pass phrase?
Yes, the server stores the public key, and the client stores the private key. A security feature to prevent stolen private keys from being useful to the thief is to encrypt them. The passphrase allows you to decrypt the private key to use it. Without the passphrase, the key is useless.
You know whether a key is encrypted generally by looking at the PEM header surrounding it. For example, a DSA private key encrypted with 3DES in PEM format might look like this:
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BF6892D860EC969F
<encrypted key data here>
-----END DSA PRIVATE KEY-----
Whereas an unencrypted DSA private key in PEM format would not have a header saying it's encrypted:
-----BEGIN DSA PRIVATE KEY-----
<unencrypted key data here>
-----END DSA PRIVATE KEY-----

Resources